1. Field of the Invention
The present invention relates to an authentication method, an authentication device and a computer-readable medium storing instructions for authentication processing, each capable of ensuring both security and usability.
2. Description of the Related Art
In view of the information leakage problems of recent years, authentication processing has come to be used in various settings for the purpose of enhancing security. For example, when a user intends to operate an information device such as a personal computer or a multifunction peripheral, the user is required to enter an ID and a password, and the operation is allowed only when the entered ID and password match an ID and a password, respectively, that have been registered in advance.
With the above authentication processing, it is becoming an increasingly noticeable problem that the load on the user increases and usability decreases. Specifically, the user has to remember many passwords for various devices, or is required to update the password(s) frequently. Further, the operation of entering the password is in itself inconvenient for a user of a device without a keyboard, such as a compact personal computer, a PDA (Personal Assistance Device) or a cellular phone.
Therefore, various proposals have been made for simplifying the authentication processing. For example, Japanese Laid-Open Patent Publication No. 11-175726 discloses an information processing device configured to read out data specific to a user when the user enters his/her fingerprint through a terminal provided with a fingerprint authentication device. Japanese Laid-Open Patent Publication No. 2005-335282 discloses an image forming device that reads out print data by using corresponding identification information stored in a noncontact IC card held by a user.
Implementing the above methods, however, requires a fingerprint authentication device and/or a noncontact IC card reader, which results in the problem of increased cost.
In view of the above, methods that use an image for the authentication processing have already been proposed. For example, Japanese Laid-Open Patent Publication No. 2003-099404 discloses a client device and others that can perform authentication by a simple operation without requiring entry of the user's password. Japanese Laid-Open Patent Publication No. 2003-228553 discloses a method in which the user's personal information, formed of at least one unit of information recognizable by the person in question, and the user's non-personal information, formed of at least one unit of information unrecognizable by the person in question, are registered in advance for the authentication, and it is determined that the authentication is successful only when the personal information is selected.
Further, in connection with authentication taking usability into consideration, there has been proposed a scheme in which each user registers in advance an object as a correct key selected from among a plurality of visually distinguishable objects (typically, images or character strings) for using it for the authentication. More specifically, a user selects one certain object from among a plurality of objects such as images or character strings prepared in a system, and registers it in advance as a correct key. In the authentication processing, a list of many objects including the correct key is displayed, and the user selects the object registered as his/her correct key from among the objects displayed in the list form. When the selected object matches the registered correct key, it is determined that the authentication is successful.
The above authentication method suffers from the problem that, when the correct key registering operation is performed, the selections actually made from among the objects displayed as correct key candidates are liable to be imbalanced. That is, a plurality of users may select the same specific object as the correct key from among the objects (i.e., correct key candidates) displayed in list form, because they think they can remember that object more easily than the others, or because they prefer it over the other objects. This results in a security problem. The imbalance can be considered to be caused by similarity among the users of the same authentication system. For example, when the users are imbalanced in gender, age group, hobby and the like, specific objects are likely to be selected, and it can be assumed that a malicious user (attacker) will presume those objects to be the most probable correct keys.
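The imbalance described above can be measured directly from the registration data of a deployed system. The following is an added example, not part of the original document: the `selection_stats` helper, the object names and the user counts are constructed assumptions, and the attempt limit is a hypothetical lockout setting.

```python
import math
from collections import Counter

def selection_stats(registered, candidates, attempts=1):
    """Quantify how skewed the registered correct keys are.

    registered: one entry per user, the object that user registered
    candidates: every object offered as a correct key candidate
    attempts:   selections allowed before authentication is refused
    """
    if not registered or not candidates:
        raise ValueError("need at least one registration and one candidate")
    if set(registered) - set(candidates):
        raise ValueError("registered key is not among the candidates")
    counts = Counter(registered)
    total = len(registered)
    # Share of users per object, most popular first; unused objects count as 0.
    shares = sorted((counts[c] / total for c in candidates), reverse=True)
    return {
        # Chance that picking the most popular objects matches a random user's key.
        "guess_success": sum(shares[:attempts]),
        # Same chance if users had chosen uniformly among all candidates.
        "uniform_success": min(attempts, len(candidates)) / len(candidates),
        # Min-entropy in bits, set by the single most popular object.
        "min_entropy_bits": -math.log2(shares[0]),
        "ideal_bits": math.log2(len(candidates)),
    }

# Constructed sample: 16 candidate objects, 40 users, three objects dominate.
CANDIDATES = [f"obj{i:02d}" for i in range(16)]
REGISTERED = (["obj00"] * 16 + ["obj01"] * 8 + ["obj02"] * 4
              + [f"obj{i:02d}" for i in range(3, 15)])

if __name__ == "__main__":
    for name, value in selection_stats(REGISTERED, CANDIDATES, attempts=3).items():
        print(f"{name}: {value:.3f}")
```

With this constructed data, three selections match a randomly chosen user's correct key 70% of the time, against 18.75% under uniform selection, and the effective strength falls from 4 bits to about 1.3 bits.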